0 votes

I was wondering if I can use AWS KMS for such a use case. I want KMS to decrypt data sent from an on-prem system (so no KMS there). I was hoping that KMS can store the secret key. The on-prem system will use the public key to encrypt the data. Is this a feasible way?

From what I have read so far, KMS uses symmetric encryption? I can do what I want by using KMS to encrypt/decrypt my secret key, but the downside there is that my app will have the secret key in plain text when using it.


2 Answers

1 vote

AWS KMS is for symmetric encryption only. There is no way to use KMS with asymmetric cryptography.

If you need this kind of functionality, you can use CloudHSM instead of KMS.

1 vote

AWS KMS supports the following asymmetric key types: RSA 2048, RSA 3072, RSA 4096, ECC NIST P-256, ECC NIST P-384, ECC NIST P-521, and ECC SECG P-256k1.
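The flow the question asks about (on-prem encrypts with the KMS public key, only KMS can decrypt, the app never holds the private key), as an added Go example that is not from the question, the answers or AWS: the on-prem side consumes the DER SubjectPublicKeyInfo that kms:GetPublicKey returns for an RSA key, and the cloud side runs after kms:Decrypt with EncryptionAlgorithm RSAES_OAEP_SHA_256 has unwrapped a per-message data key. The envelope layout (wrapped key, nonce, AES-GCM ciphertext) and the function names are this example's own choices, not a KMS format; the SDK calls themselves are left to the caller so the code runs offline.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// EncryptForKMS runs on-prem. spkiDER is the DER SubjectPublicKeyInfo returned by
// kms:GetPublicKey; the private half never leaves KMS. It returns the data key wrapped
// with RSAES_OAEP_SHA_256 (only kms:Decrypt can unwrap it), the nonce and the ciphertext.
func EncryptForKMS(spkiDER, plaintext []byte) (wrappedKey, nonce, ciphertext []byte, err error) {
	pubAny, err := x509.ParsePKIXPublicKey(spkiDER)
	pub, ok := pubAny.(*rsa.PublicKey)
	if err != nil || !ok {
		return nil, nil, nil, errors.New("expected an RSA public key from kms:GetPublicKey")
	}
	// RSA-OAEP wraps at most a few hundred bytes, so the payload is encrypted with a
	// fresh AES-256 data key; the key and the 96-bit GCM nonce are drawn together here.
	buf := make([]byte, 32+12)
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, nil, err
	}
	dataKey, nonce := buf[:32], buf[32:]
	// KMS RSAES_OAEP_SHA_256 is OAEP with SHA-256 for both the hash and MGF1 and an
	// empty label, which is exactly what rsa.EncryptOAEP(sha256.New(), ...) produces.
	wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	block, _ := aes.NewCipher(dataKey) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)     // AES block size: cannot fail
	return wrappedKey, nonce, gcm.Seal(nil, nonce, plaintext, nil), nil
}

// OpenEnvelope runs in the cloud app after kms:Decrypt (EncryptionAlgorithm
// RSAES_OAEP_SHA_256) returned the data key; the app never touches the RSA private key.
func OpenEnvelope(dataKey, nonce, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, nonce, ciphertext, nil)
}
```

In production the wrapped key goes to kms:Decrypt with the KMS key ID and EncryptionAlgorithm RSAES_OAEP_SHA_256, and IAM on that single action is what limits who can open envelopes.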